"Fake" Rudd email: Why wasn't it checked?

By Lilia Guan on Jun 25, 2009 6:00 AM
Filed under Security

Five minutes is all it takes to authenticate an email, according to one IT security expert.

The Australian Federal Police (AFP) is currently conducting a preliminary forensic investigation of computers located at a premises in Canberra and at the offices of the Department of Treasury, in relation to the email at the centre of the 'Utegate' scandal.

The scandal broke out when opposition leader Malcolm Turnbull's accused Prime Minister Rudd (pictured) of using his powers to help to a car dealer friend, though the debate is now focused on an alleged "fake email" from the Prime Minister.

In a statement to the media, Prime Minister Rudd said "Turnbull's allegations are based on the existence of an alleged email between a staff member of mine and a Treasury official on the 19th of February".

The AFP has confirmed; "Preliminary results of those forensic examinations indicate that the e-mail referred to at the centre of this investigation has been created by a person or persons other than the purported author of the e-mail."

Ajoy Ghosh, security executive at Logica told CRN the AFP were taking their time on investigating where the email came from due to political sensitivity.

"This is literally a five minute job," he said.

"They are taking so long because they want to play it safe."

Ghosh told CRN that if Liberal Party members were in receipt of the alleged 'fake' email, they could've taken it to their email administrator to have it authenticated.

"It literally takes five minutes to check if an email is kosher," he said.

"Why didn't the opposition do more to check the authenticity of the email before making accusations?

"I wouldn't expect opposition leader Malcolm Turnbull to be able to determine the authenticity of an email, but an administrator or even a forensic expert would know what to look for."

Ghosh said most Australian corporations and government agencies have gateways, firewalls and security in place to prevent unauthorised email and spam from getting into a user's email box.

However, if a user is authorised to use a computer and sends a forged email to another person in the same building, then the security product would not be able to prevent it from getting through, he said.

"If that is the case then authentication of the user won't matter," said Ghosh.

"You can't stop someone from using a legitimate email box for the wrong reasons.

"Despite the actions of that person, it doesn't negate the fact that the recipient of a suspicious email didn't have it verified."

Ghosh said it doesn't take a "forensic expert" to know if an email is suspicious.

 
Follow us on Facebook and Twitter
 
"Fake" Rudd email: Why wasn't it checked?
 
 
 
 
 
Top Stories
Reseller pays $2.65m for telco specialist
Acquisition scene heats up as JCurve makes another buyout.
 
Kytec files for administration, new company set up
Driven by management buyout, says MD.
 
Dataflex reborn under new owners
Buyer aiming for $30m after second acquisition in six months.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Latest Comments
Polls
Are Chromebooks ready for the enterprise?

CRN Magazine

Issue: 326 | April 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.